admin/nuclei-templates
1
0
Fork 0
mirror of https://github.com/projectdiscovery/nuclei-templates.git synced 2026-02-01 16:23:32 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
ba03e54063a94de8155adf476dc07e5b39bca341
nuclei-templates/cloud/gcp/function/gcloud-func-auto-runtime-updates-disabled.yaml
Prince Chaddha ea7a5969c8 Revert "chore: update TemplateMan 🤖" 
This reverts commit c31d574176.
2025-05-27 10:39:47 +08:00

72 lines
2.2 KiB
YAML
Raw Blame History

id: gcloud-func-auto-runtime-updates-disabled
info:
name: Automatic Runtime Security Updates Disabled in Google Cloud Functions
author: princechaddha
severity: medium
description: |
Ensure that automatic runtime security updates are enabled for your Google Cloud functions in order to keep the functions secure and protected against vulnerabilities without manual intervention.
impact: |
Having automatic runtime security updates disabled can expose Google Cloud functions to vulnerabilities which could be mitigated by timely updates.
remediation: |
Enable automatic runtime security updates for each Google Cloud function by setting the `serviceConfig.minInstanceCount` to a non-null value, ensuring functions are automatically updated with the latest security patches.
reference:
- https://cloud.google.com/functions/docs/securing/managing-security
tags: cloud,devops,gcp,gcloud,google-cloud-functions,gcp-cloud-config
flow: |
code(1)
for(let projectId of iterate(template.projectIds)){
set("projectId", projectId)
code(2)
for(let functionDetail of iterate(template.functions)){
set("functionName", functionDetail)
code(3)
}
}
self-contained: true
code:
- engine:
- sh
- bash
source: |
gcloud projects list --format="json(projectId)"
extractors:
- type: json
name: projectIds
internal: true
json:
- '.[].projectId'
- engine:
- sh
- bash
source: |
gcloud functions list --project $projectId --format="json(name)"
extractors:
- type: json
name: functions
internal: true
json:
- '.[].name'
- engine:
- sh
- bash
source: |
gcloud functions describe $functionName --format="json(serviceConfig.minInstanceCount)"
matchers:
- type: word
words:
- 'null'
extractors:
- type: dsl
dsl:
- '"Automatic Runtime Security Updates Disabled in function: " + functionName + " in Project: " + projectId'
# digest: 4b0a00483046022100f41be90788c213768a91b9c804665007a6c775591d782d20231cd9998493e0e0022100b4216a242eded9560fcb101e7f96643795aa055c7fe359c346a82eca90de74cb:922c64590222798bb761d5b6d8e72950
Reference in New Issue View Git Blame Copy Permalink